summaryrefslogtreecommitdiffstats
path: root/template/en/default/global
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-08-04 22:08:32 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2011-08-04 22:08:32 +0200
commit5d70d16f37a866852e6a48ec9fefe3664a6a9a55 (patch)
treeb193cb8a52a93619d408869931126777d8c82bb0 /template/en/default/global
parentb9c01561118c42514055b218f81cb82fa76dbb05 (diff)
downloadbugzilla-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.gz
bugzilla-5d70d16f37a866852e6a48ec9fefe3664a6a9a55.tar.xz
Bug 653477: (CVE-2011-2380) [SECURITY] Group names can be guessed when creating or editing a bug
r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default/global')
-rw-r--r--template/en/default/global/user-error.html.tmpl28
1 files changed, 8 insertions, 20 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 52ac64ddd..3e1b8748e 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -735,12 +735,6 @@
in the database which refer to it. All references to this group must
be removed before you can remove it.
- [% ELSIF error == "group_change_denied" %]
- [% title = "Cannot Add/Remove That Group" %]
- You tried to add or remove the '[% group.name FILTER html %]' group
- from [% terms.bug %] [%+ bug.id FILTER html %], but you do not
- have permissions to do so.
-
[% ELSIF error == "group_exists" %]
[% title = "The group already exists" %]
The group [% name FILTER html %] already exists.
@@ -761,23 +755,17 @@
[% ELSIF error == "group_invalid_removal" %]
- You tried to remove [% terms.bug %] [%+ bug.id FILTER html %]
- from the '[% group.name FILTER html %]' group, but [% terms.bugs %]
- in the '[% product FILTER html %]' product can not be removed from that
- group.
-
- [% ELSIF error == "group_invalid_restriction" %]
- You tried to restrict [% terms.bug %] [%+ bug.id FILTER html %] to
- to the '[% group.name FILTER html %]' group, but [% terms.bugs %] in the
- '[% product FILTER html %]' product can not be restricted to
- that group.
+ You tried to remove [% terms.bug %] [%+ bug_id FILTER html %]
+ from the '[% name FILTER html %]' group, but either this group does not exist,
+ or you are not allowed to remove [% terms.bugs %] from this group in the
+ '[% product FILTER html %]' product.
[% ELSIF error == "group_restriction_not_allowed" %]
[% title = "Group Restriction Not Allowed" %]
- You tried to restrict [% terms.abug %] to the "[% name FILTER html %]"
- group, but either this group does not exist, or you are not allowed
- to restrict [% terms.bugs %] to this group in the "[% product.name FILTER html %]"
- product.
+ You tried to restrict [% bug_id ? "$terms.bug $bug_id" : terms.abug FILTER html %]
+ to the '[% name FILTER html %]' group, but either this group does not exist,
+ or you are not allowed to restrict [% terms.bugs %] to this group in the
+ '[% product FILTER html %]' product.
[% ELSIF error == "group_not_specified" %]
[% title = "Group not specified" %]